14d54d272cb24f2ca10fd1cf129961e1b170588766b292a157a79a34503f87bb | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

Partnershi...ing.js

windows10-2004-x64

8

Sharing

General

Target

HDsLEDOZtugfuMW8vAkiT4.zip
Size

25.9MB
Sample

230701-m6nh1ahh4w
MD5

98a2c16374f64882920269f0c39c467b
SHA1

3b012728ff28c2aae7b1c78154a864f3888e4e5f
SHA256

14d54d272cb24f2ca10fd1cf129961e1b170588766b292a157a79a34503f87bb
SHA512

06fd730162315591dd39e28383745fc3a9f478e07734df3a1405760a670ff067df5bdb9ffe1b6fbac8df00f04b8a744f024dd5562b3c911844079c60fdc1e7dc
SSDEEP

393216:9etFKkZbquzP+fXg0PdDuIFfO5W2FAAJESy8eCpB7KZY14qEEbIp1//KiUGn5x/9:tk4o0FuIwLWSd14jiIn/Ke5VH2C

Score

8^/10

discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

Partnership Marketing.js

Resource

win10v2004-20230621-en

discovery persistence

windows10-2004-x64

22 signatures

300 seconds

Malware Config

Targets

- Target
  
  Partnership Marketing.js_
- Size
  
  40.7MB
- MD5
  
  ced1980b38233f3f981d7ddeb3d73870
- SHA1
  
  1c4b76cd846c2e459881d9032192e459009f3a52
- SHA256
  
  623d10caa476ecad6a35805d7146e5e9127d0eeb4096005e0cb0e1319c39f94f
- SHA512
  
  c48ad205d7f062858155c142196397cc4701010551ec5dab36cec181c0848861784f915ea6d261d19f522177c1b6333bf3ce7704c2f455dba32f6391da25ed29
- SSDEEP
  
  49152:ApDBtclILT4s3sYcTKA/TS4iKCeCXlwmNjG4qy6y8FyIzJvEX2bsxlWio18URIQj:AO
Score

8^/10

discovery persistence
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

© 2018-2025

Terms | Privacy